package com.cake.liulanxiangzhu.config;

import com.cake.liulanxiangzhu.security.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.util.Collections;


@Configuration
@Slf4j
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsServiceImpl userDetailsServiceImpl;

    @Autowired
    private WeiXinDetailsServiceImpl weiXinDetailsService;

    @Autowired
    private TextMessageServiceImpl textMessageService;

    @Autowired
    JwtAuthorizationFilter jwtAuthorizationFilter;
    @Override
    protected void configure(HttpSecurity http) throws Exception{
        String [] urls ={"/user/login","/user/smsLogin" ,"/user/getRandomNum","/user/weiXinLogin", "/**/*.png" ,"/**/*.jpg"};
        http.csrf().disable();
        http.cors(); // 启用Spring Security框架的处理跨域的过滤器，此过滤器将放行跨域请求，包括预检的OPTIONS请求
        http.authorizeRequests() // 对请求执行认证与授权
                // .antMatchers(urls) // 匹配某些请求路径，必须严格匹配路径
                .mvcMatchers(urls) // 匹配某些请求路径，匹配路径时不关心扩展名，例如配置的路径是 /admin，则可以匹配上 /admin、/admin.html、/admin.jpg
                .permitAll() // （对此前匹配的请求路径）不需要通过认证即允许访问
                .anyRequest() // 除以上配置过的请求路径以外的所有请求路径
                .authenticated(); // 要求是已经通过认证的
       http.addFilterBefore(jwtAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);

    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return NoOpPasswordEncoder.getInstance(); // 无操作的密码编码器，即：不会执行加密处理
        //return new BCryptPasswordEncoder();   //用这个需要与加密后的密码验证，具体情况看数据库密码的存储方式
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(textMessageService)
                .authenticationProvider(weiXinDetailsService);
        //可以继续使用自定义的Provider 格式是接着.authenticationProvider()
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());
    }


    @Bean("usernamePasswordAuthenticationManager")
    public AuthenticationManager userAuthenticationManager() throws Exception {
        DaoAuthenticationProvider provider2 = new DaoAuthenticationProvider();
        provider2.setUserDetailsService(userDetailsServiceImpl);
        provider2.setPasswordEncoder(passwordEncoder());
        return new ProviderManager(Collections.singletonList(provider2));
    }


    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }





}
